Directory listing in Apache is provided by the AutoIndex module. If enabled, Apache will show the list of files and folders if no DirectoryIndex files are present in a particular path or folder.

Example of common DirectoryIndex files are index.html, index.htm, index.php and welcome.html, configurable in Apache configuration file.

It's a handy feature for sure but you might want to disable directory browsing for security or any other other reasons.

Automated directory index for Apache could be disabled by disabling mod_autoindex altogether, set appropriate options in Apache configuration file or by using htaccess file.

Methods to disable directory listing in Apache:

Method 1: Disable Apache directory listing by disabling autoindex module

The easiest way is probably to disable the autoindex module entirely and disabling the module would affect all the sites hosted on the server.

  1. Open Apache's configuration file using your preferred text editor. 
    $ sudo vi /etc/apache2/httpd.conf

    Apache configuration files

  2. Disable autoindex module by searching and commenting the LoadModule directive for autoindex. 
    #LoadModule autoindex_module libexec/apache2/mod_autoindex.so

    How to enable or disable Apache modules

    User of Ubuntu and Debian derivatives can use a2dismod utility to disable the module. 

    $ sudo a2dismod autoindex
  3. Restart Apache for the changes to take effect.

    How to start, restart and stop Apache service

Method 2: Disable Apache directory listing via Directory's Options directive

You can add -Indexes to Options directive in Apache's configuration file to fully disable directory listing, or add the same -Indexes option into Directory configuration to disable the feature per-directory.

  1. Open Apache's configuration file using your preferred text editor. 
    $ sudo vi /etc/apache2/other/mysite.conf

    Apache configuration files

  2. Add -Indexes to Options directive. 
    <Directory /var/www/mysite>
    Options -Indexes
</Directory>

    Notice that it's -Indexes and not +Indexes

  3. Restart Apache for the changes to take effect.

    How to start, restart and stop Apache service

Method 3: Disable Apache directory listing using .htaccess

If you don't have administrator access to the system or just want to easily manage directory listing on per-directory basis, you can use the above Options -Indexes directive in htaccess files.

  1. Open or create htaccess file on the directory that you wnt to disable listing using your preferred text editor. 
    $ sudo vi /var/www/mysite/.htaccess
  2. Add -Indexes to Options directive in the htaccess file. 
    Options -Indexes

Guide compatibility:

Operating System
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 16.10 (Yakkety Yak)
Ubuntu 17.04 (Zesty Zapus)
Ubuntu 17.10 (Artful Aardvark)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 18.10 (Cosmic Cuttlefish)
Ubuntu 19.04 (Disco Dingo)
Discuss the article:

Comment anonymously. Login not required.

author: shakir
Share!